Hi Louis, Am 30.04.2015 um 15:31 schrieb L.P.H. van Belle:> Hai.. > > After a new setup i was confronted again with the unable to login with RDP. > so here is some extra info for the debugging this. > > I used RDP to connect a Windows 7 64 bit, connected in rdp with ipadres of the pc. > and again unable to login. > > since im trying to setup a smb.conf with minimal changes, i only added : > auth methods = sam, winbind > > restarted samba on both DC's > > and yes.. im able to login again, ADUC works, i can add users .. and DNS tool did also work fine. > So i hope this info helps in debugging .. > > config file used, > # Global parameters > [global] > workgroup = DOMAIN > realm = DOMAIN.TESTING > netbios name = DC1 > server role = active directory domain controller > server services = -dns > auth methods = sam, winbind > idmap_ldb:use rfc2307 = yes > > interfaces = 127.0.0.1 192.168.0.1 > bind interfaces only = yes > time server = yes > wins support = yes > > idmap config * : backend = tdb > idmap config * : range = 2000-9999 > idmap config DOMAIN : backend = ad > idmap config DOMAIN : schema_mode = rfc2307 > idmap config DOMAIN : range = 10000-3999999 > > # Use home directory and shell information from AD > winbind nss info = rfc2307 > > winbind trusted domains only = no > winbind use default domain = yes > winbind expand groups = 3 > > > Greetings, > > Louis > > >> -----Oorspronkelijk bericht----- >> Van: Andrew Bartlett [mailto:abartlet at samba.org] >> Verzonden: maandag 27 april 2015 8:37 >> Aan: L.P.H. van Belle >> CC: samba at lists.samba.org >> Onderwerp: Re: [Samba] samba 4.2 RDP problem (solved) >> >> On Wed, 2015-04-22 at 17:12 +0200, L.P.H. van Belle wrote: >>> sorry for the noise.. >>> >>> I missed the solution in my mail. just saw it online.. >>> >>> The working version for rdp login.. >>> I can confirm also that after adding these to the smb.conf >>> >>> dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, >> netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, >> browser, eventlog6, backupkey, dnsserver, remote, winreg, srvsvc >>> auth methods = sam, winbind, ntdomain, ntdomain:winbind >>> >>> I was able to login with RDP also. >>> sernet samba 4.2.1 - Windows 7 64bit. >>> >> To be VERY clear, neither of these things are solutions. They are >> debugging aids, but running in either of these configurations in the >> long term (I say this because in Samba, suggestions like this >> turn up in >> google for years) will just result in pain. >> >> 'smb' means the NTVFS file server, and while quite capable, and still >> tested, it hasn't been worked on in years, and has no support >> for things >> like POSIX ACLS, SMB3, VFS modules and unix extensions. >> >> the changes to 'auth methods' makes the server behave in a weird >> combination of an NT4 DC and an AD DC. >> >> That said, I find it most intriguing that these help, and that >> information has been recorded on the bug, and will assist >> those who made >> the change between 4.1 and 4.2. >> >> Andrew Bartlett >> >> -- >> Andrew Bartlett http://samba.org/~abartlet/ >> Authentication Developer, Samba Team http://samba.org >> Samba Developer, Catalyst IT >> http://catalyst.net.nz/services/samba >> >> >>Looking at the smb.conf manpage the winbind method is prefered in most cases. Also I read the manual as the entries are tried in the order used in smb.conf. Can you test if it also works with "auth methods = winbind sam", seems to me to be an even less intrusive modification. :-) achim~
Bob of Donelson Trophy
2015-Apr-30 14:18 UTC
[Samba] samba 4.2 RDP problem (extra debug info)
I see with in Achim response, " Also I read the manual . . ." What manual? How do I a copy of "the manual?" Just asking. --- ------------------------- Bob Wooden of Donelson Trophy 615.885.2846 (main) www.donelsontrophy.com [4] "Everyone deserves an award!!" On 2015-04-30 08:51, Achim Gottinger wrote:> Hi Louis, > > Am 30.04.2015 um 15:31 schrieb L.P.H. van Belle: > Hai.. After a new setup i was confronted again with the unable to login with RDP. so here is some extra info for the debugging this. I used RDP to connect a Windows 7 64 bit, connected in rdp with ipadres of the pc. and again unable to login. since im trying to setup a smb.conf with minimal changes, i only added : auth methods = sam, winbind restarted samba on both DC's and yes.. im able to login again, ADUC works, i can add users .. and DNS tool did also work fine. So i hope this info helps in debugging .. config file used, # Global parameters [global] workgroup = DOMAIN realm = DOMAIN.TESTING netbios name = DC1 server role = active directory domain controller server services = -dns auth methods = sam, winbind idmap_ldb:use rfc2307 = yes interfaces = 127.0.0.1 192.168.0.1 bind interfaces only = yes time server = yes wins support = yes idmap config * : backend = tdb idmap config * : range = 2000-9999 idmap config DOMAIN : backend = ad idmap config DOMAIN : schema_mode = rfc2307 idmap config DOMAIN : range = 10000-3999999 # Use home directory and shell information from AD winbind nss info = rfc2307 winbind trusted domains only = no winbind use default domain = yes winbind expand groups = 3 Greetings, Louis -----Oorspronkelijk bericht----- Van: Andrew Bartlett [mailto:abartlet at samba.org] Verzonden: maandag 27 april 2015 8:37 Aan: L.P.H. van Belle CC: samba at lists.samba.org Onderwerp: Re: [Samba] samba 4.2 RDP problem (solved) On Wed, 2015-04-22 at 17:12 +0200, L.P.H. van Belle wrote: sorry for the noise.. I missed the solution in my mail. just saw it online.. The working version for rdp login.. I can confirm also that after adding these to the smb.conf dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver, remote, winreg, srvsvc auth methods = sam, winbind, ntdomain, ntdomain:winbind I was able to login with RDP also. sernet samba 4.2.1 - Windows 7 64bi t. To be VERY clear, neither of these things are solutions. They are debugging aids, but running in either of these configurations in the long term (I say this because in Samba, suggestions like this turn up in google for years) will just result in pain. 'smb' means the NTVFS file server, and while quite capable, and still tested, it hasn't been worked on in years, and has no support for things like POSIX ACLS, SMB3, VFS modules and unix extensions. the changes to 'auth methods' makes the server behave in a weird combination of an NT4 DC and an AD DC. That said, I find it most intriguing that these help, and that information has been recorded on the bug, and will assist those who made the change between 4.1 and 4.2. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ [1] Authentication Developer, Samba Team http://samba.org [2] Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba [3] Looking at the smb.conf manpage the winbind method is prefered in most cases. Also I read the manual as the entries are tried in the order used in smb.conf. Can you test if it also works with "auth methods = winbind sam", seems to me to be an even less intrusive modification. :-) achim~ Links: ------ [1] http://samba.org/~abartlet/ [2] http://samba.org [3] http://catalyst.net.nz/services/samba [4] http://www.donelsontrophy.com
Hello Bob, Am 30.04.2015 um 16:18 schrieb Bob of Donelson Trophy:> > > I see with in Achim response, " Also I read the manual . . ." > > What manual? How do I a copy of "the manual?" > > Just asking.man smb.conf Achim~> > --- > > ------------------------- > > Bob Wooden of Donelson Trophy > > 615.885.2846 (main) > www.donelsontrophy.com [4] > > "Everyone deserves an award!!" > > On 2015-04-30 08:51, Achim Gottinger wrote: > >> Hi Louis, >> >> Am 30.04.2015 um 15:31 schrieb L.P.H. van Belle: >> Hai.. After a new setup i was confronted again with the unable to login with RDP. so here is some extra info for the debugging this. I used RDP to connect a Windows 7 64 bit, connected in rdp with ipadres of the pc. and again unable to login. since im trying to setup a smb.conf with minimal changes, i only added : auth methods = sam, winbind restarted samba on both DC's and yes.. im able to login again, ADUC works, i can add users .. and DNS tool did also work fine. So i hope this info helps in debugging .. config file used, # Global parameters [global] workgroup = DOMAIN realm = DOMAIN.TESTING netbios name = DC1 server role = active directory domain controller server services = -dns auth methods = sam, winbind idmap_ldb:use rfc2307 = yes interfaces = 127.0.0.1 192.168.0.1 bind interfaces only = yes time server = yes wins support = yes idmap config * : backend = tdb idmap config * : range = 2000-9999 idmap config DOMAIN : backend = ad idmap config DOMAIN : schema_mode = rfc > 2307 > idmap config DOMAIN : range = 10000-3999999 # Use home directory and shell information from AD winbind nss info = rfc2307 winbind trusted domains only = no winbind use default domain = yes winbind expand groups = 3 Greetings, Louis -----Oorspronkelijk bericht----- Van: Andrew Bartlett [mailto:abartlet at samba.org] Verzonden: maandag 27 april 2015 8:37 Aan: L.P.H. van Belle CC: samba at lists.samba.org Onderwerp: Re: [Samba] samba 4.2 RDP problem (solved) On Wed, 2015-04-22 at 17:12 +0200, L.P.H. van Belle wrote: sorry for the noise.. I missed the solution in my mail. just saw it online.. The working version for rdp login.. I can confirm also that after adding these to the smb.conf dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver, remote, winreg, srvsvc auth methods = sam, winbind, ntdomain, ntdomain:winbind I was able to login with RDP also. sernet samba 4.2.1 - Windows 7 64bi > t. To be > VERY clear, neither of these things are solutions. They are debugging aids, but running in either of these configurations in the long term (I say this because in Samba, suggestions like this turn up in google for years) will just result in pain. 'smb' means the NTVFS file server, and while quite capable, and still tested, it hasn't been worked on in years, and has no support for things like POSIX ACLS, SMB3, VFS modules and unix extensions. the changes to 'auth methods' makes the server behave in a weird combination of an NT4 DC and an AD DC. That said, I find it most intriguing that these help, and that information has been recorded on the bug, and will assist those who made the change between 4.1 and 4.2. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ [1] Authentication Developer, Samba Team http://samba.org [2] Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba [3] > > Looking at the smb.conf manpage the winbind method is prefered in most > cases. Also I read the manual as the entries are tried in the order used > in smb.conf. Can you test if it also works with "auth methods = winbind > sam", seems to me to be an even less intrusive modification. :-) > > achim~ > > > > Links: > ------ > [1] http://samba.org/~abartlet/ > [2] http://samba.org > [3] http://catalyst.net.nz/services/samba > [4] http://www.donelsontrophy.com